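<?php
/**
 * Post endpoint: creates a reply ("new") or rewrites a post body ("edit").
 *
 * Request inputs read by this script:
 *   GET    m          "<mode>;<id>[;adv]" where mode is "new" or "edit"
 *   GET    PHPSESSID  must match the PHPSESSID cookie
 *   COOKIE ramble_id  id of the acting user
 *   POST   body, title
 *
 * Every one of these is attacker-controlled. The ids are concatenated into
 * SQL text below, so each is restricted to decimal digits before use.
 *
 * $api, $config and parser are expected to come from func.php.
 */
include "func.php";

// True only for a non-empty string of decimal digits, which is safe to place
// unquoted in the numeric positions of the SQL statements below.
$isId = static function ($value) {
    return is_string($value) && $value !== '' && ctype_digit($value);
};

// Checks the per-session request token. hash_equals() replaces the loose `!=`
// so two different hex digests can never compare equal through numeric string
// juggling, and so the comparison time does not depend on the token.
$tokenOk = static function ($sid) {
    if (!isset($_SESSION['NaCl'], $_SESSION['NaOH'])) return false;
    if (!is_scalar($_SESSION['NaCl']) || !is_string($_SESSION['NaOH'])) return false;
    return hash_equals(md5($_SESSION['NaCl'] . $sid), $_SESSION['NaOH']);
};

// A missing or array-valued `m` is treated as an empty mode rather than
// being handed to explode().
$rawM = (isset($_GET['m']) && is_string($_GET['m'])) ? $_GET['m'] : '';
$m = explode(";", $rawM);
$mode = $m[0];

$sid = (isset($_GET['PHPSESSID']) && is_string($_GET['PHPSESSID'])) ? $_GET['PHPSESSID'] : '';
$cookieSid = (isset($_COOKIE['PHPSESSID']) && is_string($_COOKIE['PHPSESSID'])) ? $_COOKIE['PHPSESSID'] : '';
// Both copies of the session id must be present and identical; two absent
// values no longer count as a match.
$sidOk = ($sid !== '' && $sid === $cookieSid);

if($mode === "new")
{
    // NOTE(review): the acting user id comes from a client-supplied cookie and
    // is not compared with anything stored in the session in this file. Unless
    // func.php verifies it, take the id from server-side session state instead.
    $uid = isset($_COOKIE['ramble_id']) ? $_COOKIE['ramble_id'] : null;
    if(!$uid || !$isId($uid)) exit("Please log in.");

    $tid = isset($m[1]) ? $m[1] : '';
    if(!$isId($tid)) exit("invalid_topic");

    if(!$sidOk) exit("wrong_session");
    session_id($sid);
    session_start();
    if(!$tokenOk($sid)) exit("invalid_post");

    $body = parser::parse(isset($_POST["body"]) ? $_POST["body"] : null);
    // $err and $adv are not read anywhere in this script; kept as globals in
    // case code in func.php looks at them.
    $err = array();
    $adv = (isset($m[2]) and $m[2] == "adv");
    if(!$body) exit("no_body");

    $date = time();
    $topic = $api->query('topic',$tid);
    $title = isset($_POST["title"]) ? $_POST["title"] : null;
    if(!$title) $title = "Re: {$topic['title']}";

    // $date is server-generated; $tid and $uid are digit-only (checked above).
    $api->q('UPDATE '. $config['mysql']['prefix'] .'topics SET topic_lastpost='. $date .' WHERE topic_id='. $tid);

    // Free-text fields go through placeholders, never into the SQL string.
    $params = array($title,$body);
    $sql = 'INSERT INTO '. $config['mysql']['prefix'] .'posts (`post_title`,`post_body`,`post_date`,`user_id`,`topic_id`) VALUES (?,?,'.$date.','.$uid.','.$tid.')';
    if($api->q($sql,$params) !== false) echo $api->get('topic','pages',$tid);
    else exit;
}
elseif($mode === "edit")
{
    $uid = isset($_COOKIE['ramble_id']) ? $_COOKIE['ramble_id'] : null;
    if(!$uid || !$isId($uid)) exit();

    $pid = isset($m[1]) ? $m[1] : '';
    if(!$isId($pid)) exit;

    if(!$sidOk) exit;
    session_id($sid);
    session_start();
    if(!$tokenOk($sid)) exit;

    // NOTE(review): nothing in this file checks that post $pid belongs to
    // $uid; confirm $api enforces ownership, or add that check here.
    // NOTE(review): unlike the "new" branch, the body is stored without
    // parser::parse() and then echoed back; confirm $api->get() returns it in a
    // form that is safe to output.
    $body = isset($_POST['body']) ? $_POST['body'] : null;
    $api->q('UPDATE '. $config['mysql']['prefix'] .'posts SET `post_body`=? WHERE post_id='. $pid,$body);
    echo $api->get('post','body',$pid);
    exit;
}
?>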